Hide Navigation Hide TOC Rundll32 UNC Path Execution (5cdb711b-5740-4fb2-ba88-f7945027afac) Detects rundll32 execution where the DLL is located on a remote location (share) Cluster A Galaxy A Cluster B Galaxy B Level Rundll32 UNC Path Execution (5cdb711b-5740-4fb2-ba88-f7945027afac) Sigma-Rules SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 1 Rundll32 UNC Path Execution (5cdb711b-5740-4fb2-ba88-f7945027afac) Sigma-Rules Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 1 SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2 System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2